• Relational Database Service

rds
  1. Help Center
  2. Relational Database Service
  3. User Guide
  4. FAQs
  5. Network and Security FAQs
  6. How Can I Prevent Untrusted Source IP Addresses from Accessing RDS DB Instances?

How Can I Prevent Untrusted Source IP Addresses from Accessing RDS DB Instances?

  • After you bind EIPs to the DB instances, your EIP DNS and database ports may be obtained by malicious individuals. To protect your information, you are advised to set the range of source IP addresses in the RDS security group to ensure that only trusted source IP addresses can access your DB instances.
  • To prevent your database password from being maliciously cracked, set a strong password according to the password strength policies and periodically change it.
  • RDS for MySQL supports defense against brute force cracking. If malicious individuals have obtained your EIP DNS, database port, or database login information and try to crack your database with brute force, your service connections may be delayed. In this case, you can restrict the source connections and change the database username and password to prevent further damage. If necessary, you can also run the following command to temporarily disable defense against brute force cracking to avoid service interruption:

    set global connection_control_failed_connections_threshold=0;

    NOTE:
    • RDS for PostgreSQL does not support defense against brute force cracking.
    • For RDS for Microsoft SQL Server, defense against brute force cracking is enabled by default and cannot be disabled.